

   


 

    ,   2-    2-  :
-  
-  

- 
-  

     :
c:/temp/sinj4.xml
c:/temp/dinj.xml
c:/temp/dpost.xml

   
c:/temp/loader.log
c:/temp/core-dll.log




 -    PowerShell v2.0,    ,
       .
     .
    Message.
        ,   .
,       (    ),
     .   ,   
  ("*substring*: no match in c:/temp/logname.log")

   :
sinj_proxy_alive
dinj_proxy_alive
dpost_proxy_alive
*       

loader_log_started
core_log_started

chrome_has_inject
ff_has_inject
ie_has_inject
edge_has_inject

chrome_dpost_ok
ff_dpost_ok
ie_dpost_ok
edge_dpost_ok

chrome_http2_off
ff_http2_off
ie_http2_off

  
 




     PowerShell v2.0.
      ,    .

         .

    (  *proxy*    )  
     loader.exe,       
   .

    
2018-08-14 00:01:02 test_name started
*  ,   (Message)
2018-08-14 00:01:12 test_name: OK|FAILED|SKIPPED

    (  )    ,
 .      .
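A parser for the results format shown above, added here as an example (it is not part of the original test suite, which is written in PowerShell v2.0). It turns the "<timestamp> <test> started" / "<timestamp> <test>: OK|FAILED|SKIPPED" pairs into a per-test record, keeps the Message lines written in between, and reports a test whose verdict line never appears (script aborted) as INCOMPLETE. The sample results text is constructed for the example; whether Message lines carry a timestamp is not stated on the page, so the parser accepts both forms.

```python
import re
from collections import Counter

# Constructed sample in the results format described above (made up for this
# example, not a real run): "<ts> <test> started", optional Message lines, then
# "<ts> <test>: OK|FAILED|SKIPPED". Assumption: Message lines may or may not
# carry a timestamp, so the parser accepts both.
SAMPLE_RESULTS = """\
2018-08-14 00:01:02 sinj_proxy_alive started
2018-08-14 00:01:03 sinj_proxy_alive: OK
2018-08-14 00:01:03 loader_log_started started
*Browsers payload unpacked successfully*: no match in c:/temp/loader.log
2018-08-14 00:01:23 loader_log_started: FAILED
2018-08-14 00:01:23 edge_has_inject started
2018-08-14 00:01:23 edge_has_inject: SKIPPED
2018-08-14 00:01:24 core_log_started started
"""

TS_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<body>.*)$")
START_RE = re.compile(r"^(?P<name>\S+) started$")
END_RE = re.compile(r"^(?P<name>\S+): (?P<verdict>OK|FAILED|SKIPPED)$")


def parse_results(text):
    """Return {test_name: {"started", "ended", "verdict", "messages"}}.

    A test whose verdict line never appears (script aborted, machine rebooted)
    keeps verdict None so it is reported as INCOMPLETE rather than dropped.
    """
    results = {}
    current = None  # name of the test whose block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TS_RE.match(line)
        ts, body = (m.group("ts"), m.group("body")) if m else (None, line)
        s = START_RE.match(body)
        if s:
            current = s.group("name")
            results[current] = {"started": ts, "ended": None,
                                "verdict": None, "messages": []}
            continue
        e = END_RE.match(body)
        if e and e.group("name") in results:
            rec = results[e.group("name")]
            rec["ended"], rec["verdict"] = ts, e.group("verdict")
            current = None
            continue
        if current is not None:
            results[current]["messages"].append(body)  # free-form Message line
        # lines outside any test block are ignored
    return results


def summarize(results):
    """Count verdicts; tests with no verdict line are counted as INCOMPLETE."""
    return dict(Counter(r["verdict"] or "INCOMPLETE" for r in results.values()))


def failed_with_reasons(results):
    """Map each FAILED test to the Message lines it logged."""
    return {n: r["messages"] for n, r in results.items() if r["verdict"] == "FAILED"}


if __name__ == "__main__":
    res = parse_results(SAMPLE_RESULTS)
    print(summarize(res))
    for name, reasons in failed_with_reasons(res).items():
        print(name, "->", reasons)
```

The INCOMPLETE bucket is the useful part: a run that rebooted or hung mid-test leaves a "started" line with no verdict, and a summary that only counts OK/FAILED/SKIPPED would hide it.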




   ,     :
-    sinj
-    dinj
-    dpost
-    loader.log
-    core-dll.log
-    (20   )
-    (35   )
-    (1   )
-   url  


   

* sinj_proxy_alive
  sinj     ,  TCP-
  .
 ,    TCP-.

* dinj_proxy_alive
  dinj     ,  TCP-
  .
 ,    TCP-.

* dpost_proxy_alive
  dpost      TCP-   .
 ,    TCP-     .
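The sinj/dinj/dpost *_proxy_alive checks all reduce to one question, whether a TCP connection to the proxy completes. The block below is an added example (not the suite's own PowerShell): a connect-with-timeout check, a wrapper that yields the test's verdict, and two loopback stand-ins (one listening socket, one released port) so the check can be exercised offline without a real proxy. The proxy host and port, and the wording of the failure message, are assumptions; the page does not show them.

```python
import socket
import threading


def tcp_alive(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or socket.timeout (an OSError subclass)
        return False


def proxy_alive_test(name, host, port, timeout=3.0):
    """One *_proxy_alive test: (name, verdict, messages).

    The failure message wording is an assumption; the page does not show it.
    """
    if tcp_alive(host, port, timeout):
        return name, "OK", []
    return name, "FAILED", ["TCP connect to %s:%d failed" % (host, port)]


# Constructed stand-ins for a reachable and an unreachable proxy, so the check
# runs on loopback instead of against a real sinj/dinj/dpost host.
def start_local_listener():
    """Listen on an ephemeral loopback port, accept one connection, then close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        try:
            conn, _ = srv.accept()
            conn.close()
        finally:
            srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


def closed_local_port():
    """Bind an ephemeral port, release it, and hand back the number (nothing listens)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    up, down = start_local_listener(), closed_local_port()
    print(proxy_alive_test("sinj_proxy_alive", "127.0.0.1", up))
    print(proxy_alive_test("dinj_proxy_alive", "127.0.0.1", down, timeout=1.0))
```

A connect alone says nothing about whether the proxy speaks the expected protocol; it only tells the later tests that a FAILED inject result is not explained by the proxy being down.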

* loader_log_started
 loader.exe.
 ,    :
-   loader.log   
-    
Browsers payload unpacked successfully

* chrome_has_inject
 loader.exe.
     .
     :
-   core-dll.log   
-    
We are Chrome
Chrome version: xxx
Chrome SSL functions found
(    )
-      3  chrome.exe    
(     ,     
browser crashed!
)
-     
Chrome SSL functions NOT FOUND
  ,       (  )    

* ff_has_inject
 loader.exe.
     Mozilla Firefox.
     :
-   core-dll.log   
-    
We are Firefox
Mozilla Firefox version: xxx
(    )
-      1  firefox.exe    
(     ,     
browser crashed!
)

* ie_has_inject
 loader.exe.
     Internet Explorer.
     :
-   core-dll.log   
-    
We are IE
IE version xxx
(    .      ,     )
-      1  iexplore.exe    
(     ,     
browser crashed!
)
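The chrome_has_inject, ff_has_inject and ie_has_inject descriptions above share one shape: core-dll.log must contain a set of lines and must not contain others. The block below is an added example (not the suite's own code) that encodes those substring rules as a table, runs them over constructed log contents, and reports misses in the "*substring*: no match in <log>" format quoted earlier. The process-count part of the tests (number of chrome.exe / firefox.exe / iexplore.exe processes) is not modelled; the wording of the message for a forbidden line and the version strings in the sample log are assumptions.

```python
LOG_PATH = "c:/temp/core-dll.log"

# Substring rules taken from the test descriptions above. "required" lines must
# all be present in core-dll.log; a "forbidden" line present means the inject
# did not take. The process-count part of the tests is not modelled here.
RULES = {
    "chrome_has_inject": {
        "required": ["We are Chrome", "Chrome version:", "Chrome SSL functions found"],
        "forbidden": ["Chrome SSL functions NOT FOUND"],
    },
    "ff_has_inject": {
        "required": ["We are Firefox", "Mozilla Firefox version:"],
        "forbidden": [],
    },
    "ie_has_inject": {
        "required": ["We are IE", "IE version"],
        "forbidden": [],
    },
}


def no_match_message(substring, log_path):
    """Message format the page quotes for a missing substring."""
    return "*%s*: no match in %s" % (substring, log_path)


def check_log(rule, log_text, log_path=LOG_PATH):
    """Return (verdict, messages) for one rule against the log contents."""
    messages = [no_match_message(s, log_path) for s in rule["required"] if s not in log_text]
    # Wording of the "forbidden line present" message is an assumption.
    messages += ["*%s*: found in %s" % (s, log_path) for s in rule["forbidden"] if s in log_text]
    return ("OK" if not messages else "FAILED"), messages


def run_has_inject_tests(log_text, log_path=LOG_PATH):
    """Run every *_has_inject rule over the same core-dll.log contents."""
    return {name: check_log(rule, log_text, log_path) for name, rule in RULES.items()}


# Constructed core-dll.log contents (made up; version strings are placeholders).
GOOD_LOG = """\
We are Chrome
Chrome version: 68.0.3440.106
Chrome SSL functions found
We are Firefox
Mozilla Firefox version: 61.0.2
We are IE
IE version 11.0
"""

BAD_CHROME_LOG = """\
We are Chrome
Chrome version: 68.0.3440.106
Chrome SSL functions NOT FOUND
"""

if __name__ == "__main__":
    for name, (verdict, msgs) in run_has_inject_tests(GOOD_LOG).items():
        print(name + ":", verdict, msgs)
    print(run_has_inject_tests(BAD_CHROME_LOG)["chrome_has_inject"])
```

Matching is case-sensitive on purpose: "Chrome SSL functions found" and "Chrome SSL functions NOT FOUND" differ only in case of the last words, and a case-folding search would report the failure line as a success.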


* edge_has_inject

chrome_dpost_ok
ff_dpost_ok
ie_dpost_ok
edge_dpost_ok

* chrome_http2_off
 loader.exe.
     Chrome.
     :
-      chrome.exe    
  --disable-http2 --use-spdy=off --disable-quic

* ff_http2_off
 loader.exe.
      %APPDATA%\Mozilla\Firefox\Profiles\<profileName>\prefs.js
  ,     
user_pref("network.http.spdy.enabled.http2", true)

* ie_http2_off
 loader.exe.
      :
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHTTP2 == 0
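The three *_http2_off checks, as an added example (not the suite's own PowerShell), each written over the value the live test would collect: the chrome.exe command lines, the text of prefs.js, and the EnableHTTP2 registry value. All inputs are constructed. The page quotes the Firefox pref line with the value true and the sentence around it is lost in extraction; this example treats an explicit false as "HTTP/2 off" (Firefox's default is true, and a default-valued pref is normally absent from prefs.js), which is an assumption. A missing registry value is modelled as None and counts as not disabled.

```python
import re

# Flags the chrome_http2_off test expects on every chrome.exe command line.
CHROME_HTTP2_OFF_FLAGS = ("--disable-http2", "--use-spdy=off", "--disable-quic")


def chrome_http2_off(cmdlines):
    """chrome_http2_off: all three flags must appear on every chrome.exe process.

    Returns (ok, missing) where missing maps each offending command line to the
    flags it lacks. Flags are matched as whole tokens, so a flag that merely
    starts with the same text does not count.
    """
    missing = {}
    for cmd in cmdlines:
        tokens = cmd.split()
        lacking = [f for f in CHROME_HTTP2_OFF_FLAGS if f not in tokens]
        if lacking:
            missing[cmd] = lacking
    return (not missing), missing


FF_PREF_RE = re.compile(
    r'user_pref\("network\.http\.spdy\.enabled\.http2",\s*(true|false)\);?')


def ff_http2_off(prefs_js_text):
    """ff_http2_off: prefs.js sets network.http.spdy.enabled.http2 to false.

    Assumption: explicit false means off. If the pref is written more than once
    the last occurrence wins, which is how Firefox itself reads the file.
    """
    values = FF_PREF_RE.findall(prefs_js_text)
    return bool(values) and values[-1] == "false"


def ie_http2_off(enable_http2_value):
    """ie_http2_off: EnableHTTP2 under HKCU\\...\\Internet Settings == 0.

    None models a missing value: IE then uses its default, which is not "off".
    """
    return enable_http2_value == 0


# Constructed inputs (made up): chrome.exe command lines, prefs.js fragments
# and registry values as the live test would have read them.
CHROME_CMDLINES_OK = [
    '"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"'
    ' --disable-http2 --use-spdy=off --disable-quic',
    '"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"'
    ' --type=renderer --disable-http2 --use-spdy=off --disable-quic',
]
CHROME_CMDLINES_BAD = CHROME_CMDLINES_OK + [
    '"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" --disable-http2',
]
PREFS_JS_OFF = ('user_pref("browser.startup.page", 1);\n'
                'user_pref("network.http.spdy.enabled.http2", false);\n')
PREFS_JS_ON = 'user_pref("network.http.spdy.enabled.http2", true);\n'

if __name__ == "__main__":
    print("chrome_http2_off:", chrome_http2_off(CHROME_CMDLINES_OK))
    print("chrome_http2_off:", chrome_http2_off(CHROME_CMDLINES_BAD))
    print("ff_http2_off:", ff_http2_off(PREFS_JS_OFF), ff_http2_off(PREFS_JS_ON))
    print("ie_http2_off:", ie_http2_off(0), ie_http2_off(None))
```

In the PowerShell v2.0 test these inputs would come from the CommandLine property of Get-WmiObject Win32_Process filtered on chrome.exe, Get-Content on prefs.js for each profile under %APPDATA%\Mozilla\Firefox\Profiles, and Get-ItemProperty on the Internet Settings key; the per-process loop matters because a single renderer started without the flags is enough to fail the check.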


  

*     ,   :
-    Google Chrome
-    Mozilla Firefox

*    :
-  ,        .
         ,  .

*    (   )
 loader.exe.
    .
      .
       .
    
TODO
 ,   .
      WinAPI.
